Skip to content

seccomp: Document AF_ALG and socketcall blocks from moby/moby#52494#24935

Merged
thaJeztah merged 1 commit intodocker:mainfrom
vvoland:seccomp-copyfail
May 1, 2026
Merged

seccomp: Document AF_ALG and socketcall blocks from moby/moby#52494#24935
thaJeztah merged 1 commit intodocker:mainfrom
vvoland:seccomp-copyfail

Conversation

@vvoland
Copy link
Copy Markdown
Contributor

@vvoland vvoland commented May 1, 2026

Add socket and socketcall entries to the "Significant syscalls blocked by the default profile" table to reflect the seccomp profile changes that block AF_ALG sockets (CVE-2026-31431) and deny the socketcall multiplexer to prevent bypassing address family filters.

Description

Related issues or tickets

Reviews

  • Technical review
  • Editorial review
  • Product review

@vvoland vvoland self-assigned this May 1, 2026
@vvoland vvoland requested a review from dvdksn as a code owner May 1, 2026 07:36
@netlify
Copy link
Copy Markdown

netlify Bot commented May 1, 2026
edited
Loading

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 8165b8b
🔍 Latest deploy log https://app.netlify.com/projects/docsdocker/deploys/69f459106eb8e20008268fc7
😎 Deploy Preview https://deploy-preview-24935--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@vvoland
seccomp: Document AF_ALG and socketcall blocks from moby/moby#52494
8165b8b 
Add `socket` and `socketcall` entries to the "Significant syscalls
blocked by the default profile" table to reflect the seccomp profile
changes that block AF_ALG sockets (CVE-2026-31431) and deny the
socketcall multiplexer to prevent bypassing address family filters.

Signed-off-by: Paweł Gronowski <[email protected]>
@vvoland vvoland force-pushed the seccomp-copyfail branch from 3f2e08b to 8165b8b Compare May 1, 2026 07:41
thaJeztah
thaJeztah approved these changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah merged commit a7bbfbf into docker:main May 1, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@dvdksn dvdksn Awaiting requested review from dvdksn dvdksn is a code owner

Assignees

@vvoland vvoland

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vvoland @thaJeztah